US7177421B2 - Authentication engine architecture and method - Google Patents

Authentication engine architecture and method

Info

Publication number
US7177421B2
Authority
US
United States
Prior art keywords
hash
round
authentication
data
engine
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related, expires
Application number
US09/827,882
Other languages
English (en)
Other versions
US20020001384A1 (en)
Inventor
Mark Buer
Patrick Y. Law
Zheng Qi
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Avago Technologies International Sales Pte Ltd
Original Assignee
Broadcom Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority to US09/827,882 priority Critical patent/US7177421B2/en
Application filed by Broadcom Corp filed Critical Broadcom Corp
Priority to DE60113395T priority patent/DE60113395T2/de
Priority to EP01927441A priority patent/EP1273129B1/fr
Priority to PCT/US2001/040507 priority patent/WO2001080483A2/fr
Priority to AU2001253888A priority patent/AU2001253888A1/en
Priority to AT01927441T priority patent/ATE304759T1/de
Assigned to BROADCOM CORPORATION reassignment BROADCOM CORPORATION ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: BUER, MARK, LAW, PATRICK Y., QI, ZHENG
Publication of US20020001384A1 publication Critical patent/US20020001384A1/en
Assigned to BROADCOM CORPORATION reassignment BROADCOM CORPORATION CORRECTIVE ASSIGNMENT TO CORRECT THE DOCUMENT EXECUTION DATES OF THE ASSIGNORS PREVIOUSLY RECORDED AT REEL 011957 FRAME 0328. Assignors: BUER, MARK, LAW, PATRICK Y., QI, ZHENG
Priority to US11/650,422 priority patent/US8000469B2/en
Publication of US7177421B2 publication Critical patent/US7177421B2/en
Application granted granted Critical
Assigned to BANK OF AMERICA, N.A., AS COLLATERAL AGENT reassignment BANK OF AMERICA, N.A., AS COLLATERAL AGENT PATENT SECURITY AGREEMENT Assignors: BROADCOM CORPORATION
Assigned to AVAGO TECHNOLOGIES GENERAL IP (SINGAPORE) PTE. LTD. reassignment AVAGO TECHNOLOGIES GENERAL IP (SINGAPORE) PTE. LTD. ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: BROADCOM CORPORATION
Assigned to BROADCOM CORPORATION reassignment BROADCOM CORPORATION TERMINATION AND RELEASE OF SECURITY INTEREST IN PATENTS Assignors: BANK OF AMERICA, N.A., AS COLLATERAL AGENT
Assigned to AVAGO TECHNOLOGIES INTERNATIONAL SALES PTE. LIMITED reassignment AVAGO TECHNOLOGIES INTERNATIONAL SALES PTE. LIMITED MERGER (SEE DOCUMENT FOR DETAILS). Assignors: AVAGO TECHNOLOGIES GENERAL IP (SINGAPORE) PTE. LTD.
Assigned to AVAGO TECHNOLOGIES INTERNATIONAL SALES PTE. LIMITED reassignment AVAGO TECHNOLOGIES INTERNATIONAL SALES PTE. LIMITED CORRECTIVE ASSIGNMENT TO CORRECT THE EXECUTION DATE PREVIOUSLY RECORDED AT REEL: 047196 FRAME: 0097. ASSIGNOR(S) HEREBY CONFIRMS THE MERGER. Assignors: AVAGO TECHNOLOGIES GENERAL IP (SINGAPORE) PTE. LTD.
Adjusted expiration legal-status Critical
Expired - Fee Related legal-status Critical Current

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0643 Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00 Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/12 Details relating to cryptographic hardware or logic circuitry
    • H04L2209/125 Parallelization or pipelining, e.g. for accelerating processing of cryptographic operations

Definitions

  • the present invention relates generally to the field of cryptography, and more specifically to an architecture and method for cryptography acceleration.
  • the invention is directed to a hardware implementation to increase the speed at which authentication procedures may be performed on data packets transmitted over a computer network.
  • Cryptography accelerator chips may be included in routers or gateways, for example, in order to provide automatic IP packet encryption/decryption.
  • Cryptography protocols typically incorporate both encryption/decryption and authentication functionalities.
  • Encryption/decryption relates to enciphering and deciphering data.
  • authentication is concerned with data integrity, including confirming the identity of the transmitting party and ensuring that a data packet has not been tampered with en route to the recipient. It is known that by incorporating both encryption and authentication functionalities in a single accelerator chip, overall system performance can be enhanced.
  • cryptography protocols which incorporate encryption/decryption and authentication functionalities include SSL (Netscape Communications Corporation), commonly used in electronic commerce transactions, and the more recently promulgated industry security standard known as “IPSec.” These protocols and their associated algorithms are well known in the cryptography art and are described in detail in National Institute of Standards and Technology (NIST), IETF and other specifications, some of which are identified (for example, by IETF RFC#) below for convenience. These specifications are incorporated herein by reference for all purposes.
  • SSL uses a variant of HMAC (RFC2104) for authentication.
  • the underlying hash algorithm can be either MD5 (RFC1321) or SHA1 (NIST).
  • the key generation algorithm in SSL also relies on a sequence of MD5 and SHA1 operations.
  • SSL deploys algorithms such as RC4, DES, triple DES for encryption/decryption operations.
  • the IP layer security standard protocol, IPSec (RFC2406) specifies two standard algorithms for performing authentication operations, HMAC-MD5-96 (RFC2403) and HMAC-SHA1-96 (RFC2404). These algorithms are based on the underlying MD5 and SHA1 algorithms, respectively.
  • the goal of the authentication computation is to generate a unique digital representation, called a digest, for the input data.
  • Both MD5 and SHA1 specify that data is to be processed in 512-bit blocks. If the data in a packet to be processed is not a multiple of 512 bits, padding is applied to round up the data length to a multiple of 512 bits. Thus, if a data packet that is received by a chip for authentication is larger than 512 bits, the packet is broken into 512-bit data blocks for authentication processing. If the packet is not a multiple of 512 bits, the data left over following splitting of the packet into complete 512-bit blocks must be padded in order to reach the 512-bit block processing size. The same is true if a packet contains fewer than 512 bits of data. For reference, a typical Ethernet packet is up to 1,500 bytes.
  • MD5 and SHA1 specify 64 rounds and 80 rounds, respectively, based on different non-linear and shift functions, as well as different operating sequences. In every round, the operation starts with certain hash states (referred to as “context”) held by hash state registers (in hardware) or variables (in software), and ends with a new set of hash states (i.e., an initial “set” of hash states and an end set; a “set” may be of 4 or 5 for the number of registers used by MD5 and SHA1, respectively). MD5 and SHA1 each specify a set of constants as the initial hash states for the first 512-bit block. The following blocks use initial hash states resulting from additions of the initial hash states and the ending hash states of the previous blocks.
  • MD5 and SHA1 rounds are translated into clock cycles in hardware implementations.
  • the computation of the padded portion of the data is also generally considered performance overhead because it is not part of the true data. Accordingly, the performance of MD5 and SHA1 degrades the most when the length of the padding is about the same as the length of the data (e.g., as described above, when a packet has just fewer than 512 bits of data and the padding logic requires an extra 512-bit block to be added for holding the pad values).
  • HMAC-MD5-96 and HMAC-SHA1-96 algorithms used in IPSec expand MD5 and SHA1, respectively, by performing two loops of operations.
  • the HMAC algorithm for either MD5 or SHA1 (HMAC-x algorithm) is depicted in FIG. 1.
  • the inner hash (inner loop) and the outer hash (outer loop) use different initial hash states.
  • the outer hash is used to compute a digest based on the result of the inner hash. Since the result of the inner hash is 128 bits long for MD5 and 160 bits long for SHA1, the result must always be padded up to 512 bits and the outer hash only processes the one 512-bit block of data.
  • HMAC-MD5-96 and HMAC-SHA1-96 provide a higher level of security; however, additional time is needed to perform the outer hash operation. This additional time becomes significant when the length of the data to be processed is short, in which case the time required to perform the outer hash operation is comparable to the time required to perform the inner hash operation.
  • Authentication represents a significant proportion of the time required to complete cryptography operations in the application of cryptography protocols incorporating both encryption/decryption and MD5 and/or SHA1 authentication functionalities.
  • authentication is often the time-limiting step, particularly for the processing of short packets, and thus creates a data processing bottleneck. Accordingly, techniques to accelerate authentication and relieve this bottleneck would be desirable. Further, accelerated implementations of multi-round authentication algorithms would benefit any application of these authentication algorithms.
  • the present invention provides an architecture (hardware implementation) for an authentication engine to increase the speed at which multi-loop and/or multi-round authentication algorithms may be performed on data packets transmitted over a computer network.
  • the invention has particular application to the variants of the SHA1 and MD5 authentication algorithms specified by the IPSec cryptography standard.
  • the invention may be used in conjunction with data encryption/decryption architecture and protocols.
  • it is also suitable for use in conjunction with other non-IPSec cryptography algorithms, and for applications in which encryption/decryption is not conducted (in IPSec or not) and where it is purely authentication that is accelerated.
  • an authentication engine in accordance with the present invention provides improved performance with regard to the processing of short data packets.
  • Authentication engines in accordance with the present invention apply a variety of techniques that may include, in various applications, collapsing two multi-round authentication algorithm (e.g., SHA1 or MD5 or variants) processing rounds into one; reducing operational overhead by scheduling the additions required by a multi-round authentication algorithm in such a manner as to reduce the overall critical timing path (“hiding the adds”); and, for a multi-loop (e.g., HMAC) variant of a multi-round authentication algorithm, pipelining the inner and outer loops.
  • collapsing of the conventional 80 SHA1 rounds into 40 rounds, hiding the adds, and pipelining the inner and outer loops allows HMAC-SHA1 to be conducted in approximately the same time as conventional SHA1.
  • the present invention pertains to an authentication engine architecture for a multi-loop, multi-round authentication algorithm.
  • the architecture includes a first instantiation of a multi-round authentication algorithm hash round logic in an inner hash engine, and a second instantiation of a multi-round authentication algorithm hash round logic in an outer hash engine.
  • a dual-frame payload data input buffer configured for loading one new data block while another data block is being processed in the inner hash engine, an initial hash state input buffer configuration for loading initial hash states to the inner and outer hash engines for concurrent inner hash and outer hash operations, and a dual-ported ROM configured for concurrent constant lookups for both inner and outer hash engines are also included.
  • the multi-loop, multi-round authentication algorithm may be HMAC-MD5 or HMAC-SHA1.
  • in another aspect, the invention pertains to an authentication engine architecture for a multi-round authentication algorithm.
  • the architecture includes a hash engine configured to implement hash round logic for a multi-round authentication algorithm.
  • the hash round logic implementation includes at least one addition module having a plurality of carry save adders for computation of partial products, and a carry look-ahead adder for computation and propagation of a final sum.
  • the multi-round authentication algorithm may be MD5 or SHA1.
  • the invention pertains to an authentication engine architecture for an SHA1 authentication algorithm.
  • the architecture includes at least one hash engine configured to implement hash round logic.
  • the logic implementation includes five hash state registers, and one critical and four non-critical data paths associated with the five registers. In successive SHA1 rounds, the registers having the critical path are alternated.
  • in another aspect, the invention pertains to a method of authenticating data transmitted over a computer network.
  • the method involves receiving a data packet stream, splitting the packet data stream into fixed-size data blocks, and processing the fixed-size data blocks using a multi-loop, multi-round authentication engine architecture having a hash engine core with an inner hash engine and an outer hash engine.
  • the architecture is configured to pipeline the hash operations of the inner hash and outer hash engines, collapse and rearrange multi-round logic to reduce rounds of hash operations, and implement multi-round logic to schedule addition computations to be conducted in parallel with round operations.
  • the multi-loop, multi-round authentication algorithm may be HMAC-MD5 or HMAC-SHA1.
  • in another aspect, the invention pertains to a method of authenticating data transmitted over a computer network.
  • the method involves receiving a data packet stream, splitting the packet data stream into fixed-size data blocks, and processing the fixed-size data blocks using a multi-round authentication engine architecture.
  • the architecture implements hash round logic for a multi-round authentication algorithm configured to schedule addition computations to be conducted in parallel with round operations.
  • the multi-round authentication algorithm may be MD5 or SHA1.
  • the invention pertains to a method of authenticating data transmitted over a computer network using an SHA1 authentication algorithm.
  • the method involves providing five hash state registers, and providing data paths from the five state registers such that four of the five data paths from the registers in any SHA1 round are not timing critical.
  • FIG. 1 is a high-level block diagram depicting the HMAC-x algorithm (HMAC for either MD5 or SHA1) implemented in the IPSec standard protocol.
  • FIG. 2 is a high-level block diagram of an authentication engine architecture in accordance with one embodiment of the present invention.
  • FIG. 3 is a time study diagram illustrating the critical path of the conventional round logic of the SHA1 authentication algorithm.
  • FIG. 4 is a time study diagram illustrating the critical path of the round logic of the SHA1 authentication algorithm in accordance with one embodiment of the present invention.
  • FIG. 5 is a high-level block diagram of an SHA1 hash engine illustrating the major elements of a round logic design in accordance with one embodiment of the present invention.
  • FIG. 6 is a lower-level block diagram illustrating details of the scheduling of the additions within the round logic design of FIG. 5.
  • the present invention provides an architecture (hardware implementation) for an authentication engine to increase the speed at which multi-loop and/or multi-round authentication algorithms may be performed on data packets transmitted over a computer network.
  • Authentication engines in accordance with the present invention apply a variety of techniques that may include, in various applications, collapsing two multi-round authentication algorithm (e.g., SHA1 or MD5 or variants) processing rounds into one; reducing operational overhead by scheduling the additions required by a multi-round authentication algorithm (e.g., SHA1 or variants) in such a manner as to reduce the overall critical timing path (“hiding the adds”); and, for an HMAC (multi loop) variant of a multi-round authentication algorithm, pipelining the inner and outer loops.
  • an authentication engine in accordance with the present invention provides improved performance with regard to the processing of short data packets.
  • the present invention may be implemented in a variety of ways. As described in this application, the invention has particular application to the variants of the SHA1 and MD5 authentication algorithms specified by the IPSec cryptography standard. In the following description, the invention is discussed primarily in connection with the IPSec protocol. However, one of skill in the art will recognize that various aspects of the invention may also be applied to multi-loop and/or multi-round authentication algorithms generally, whether or not used with IPSec or in conjunction with cryptography operations at all. Further, while the aspects of the present invention described below are used together in a preferred embodiment of the invention, some aspects may be used independently to accelerate authentication operations. For example, the pipelining operations are particularly applicable to multi-loop, multi-round authentication algorithms; the round-collapsing operations are particularly applicable to SHA1 and variant authentication algorithms; while the scheduling of the additions may be applied to any multi-round authentication algorithm.
  • FIG. 2 is a high-level block diagram of an authentication engine architecture in accordance with one embodiment of the present invention.
  • the engine architecture implements a pipelined structure to hide the time required for performing the outer hash operation when multiple data payloads are fed to the engine continuously.
  • the engine architecture includes a core having two instantiations of the hash round logic; in this instance, inner and outer hash engines (inner and outer loops) for each of the MD5 hash round logic and the SHA1 hash round logic supported by the IPSec protocol.
  • Pipeline control logic ensures that the outer hash operation for one data payload is performed in parallel with the inner hash operation of the next data payload in the packet stream fed to the authentication engine.
  • a dual-frame input buffer is used for the inner hash engine, allowing one new 512-bit block to be loaded while another one is being processed, and the initial hash states are double buffered for concurrent inner hash and outer hash operations.
  • dual-ported ROM is used for concurrent constant lookups by both inner and outer hash engines.
  • the engine 200 includes a dual-frame input data payload buffer 201, in this instance having a left frame 202 and a right frame 204.
  • Input data payloads received by the engine 200 are distributed between the frames 202, 204 of the input data buffer 201 so that one data block may be loaded into the buffer while another one is being processed downstream in the data flow.
  • FIG. 2 illustrates an implementation of the present invention for processing IPSec packets.
  • the architecture includes hash engines for the MD5 and SHA1 authentication protocols supported by IPSec.
  • the input data payloads are loaded into the dual frames of the input data buffer 201, split into 512-bit data blocks, padded if necessary (i.e., where the data block is less than 512 bits) and stored prior to being passed to an inner hash engine for processing.
  • a multiplexer 206 controls the flow of 512-bit data blocks from the frames of the input buffer to an inner hash engine.
  • Initial hash states are needed on a per-packet basis for the first data block of each packet.
  • Initial hash states are generated by software based on the authentication key and some default constant states based on the HMAC algorithm (pre-hashed), in accordance with the specifications for these algorithms. This is typically done once per key. Alternatively, the initial states may be derived from the default constant states and the authentication key using the same hardware for every packet that requires authentication.
  • the initial hash states for the inner hash of a given data block are loaded into a buffer 214 associated with the inner hash engine(s) 210, 212.
  • the initial hash states for the outer hash of that data block are loaded into the first 215 of a pair of buffers 215, 216 (referred to as an HMAC state buffer) associated with the outer hash engine(s) 220, 222.
  • the outer hash states for that block are loaded into the second buffer 216.
  • the inner and outer initial hash states for the next packet to be processed are loaded into the buffers 214, 215, respectively.
  • the synchronization of the inner and outer hash states for a given data block is maintained, and the initial hash states are available for concurrent inner hash and outer hash operations.
  • the double buffering of the hash states allows initial hash states of the second packet to be loaded while the first packet is being processed so that the data processing is continuous from packet to packet, thereby maximizing the efficiency and processing power of the hash engine.
  • the engine 200 further includes a dual-ported ROM 218.
  • the dual-ported ROM 218 further facilitates the parallel inner and outer hash operations by allowing for concurrent constant lookups by both inner and outer hash engines.
  • the inner hash is conducted on all 512-bit blocks of a given data packet.
  • the result of the inner hash is 128 bits long for MD5 and 160 bits long for SHA1.
  • the result is padded up to 512 bits and the outer hash processes the one 512-bit block of data to compute a digest based on the result of the inner hash.
  • An output buffer 230 stores the digest and outputs it through a multiplexer 232.
  • HMAC-SHA1-96 is about twenty-five percent slower than HMAC-MD5-96 in terms of the total computation rounds.
  • One way to improve HMAC-SHA1-96 in an IPSec-supporting hardware implementation is to collapse multiple rounds of logic into a single clock cycle, so that the total number of clocks required for an HMAC-SHA1-96 operation is reduced.
  • the same approach may be applied to any multi-round authentication algorithm. However, simply collapsing the logic for multiple rounds into a single clock cycle can cause the delay to compute the collapsed logic to increase, therefore reducing the maximum clock frequency.
  • FIG. 3 is a time study diagram illustrating the timing critical path of the conventional round logic of the SHA1 authentication algorithm.
  • Registers a, b, c, d and e hold the intermediate hash states between rounds. They are duplicated in this figure to demonstrate the ending points of the logic paths clearly. In the actual design, the paths are fed back to the same set of registers because the round logic is reused 80 times.
  • the “+” symbols identify standard adders implemented as carry look-ahead adders (CLAs).
  • W_i represents the incoming payload.
  • K_i represents a constant, obtained from ROM, used in the authentication computations.
  • timing critical paths are from registers b, c and d, going through the non-linear function (defined by the SHA1 specification) and the adders and ending at register a.
  • Registers b, c, d and e each receive a non-critical input (b receives a, etc.).
  • FIG. 4 is a time study diagram illustrating the timing critical path of the collapsed round logic of the SHA1 authentication algorithm in accordance with one embodiment of the present invention.
  • the SHA1 algorithm specifies five registers. As illustrated above, the data paths of four of the five registers in any SHA1 round are not critical (time limiting). In accordance with this invention, in successive SHA1 rounds the registers having the critical path are alternated so that four registers' worth of data may always be passed on to the next round prior to completion of the critical path in the current round.
  • the critical path computation of the second round is independent of that of the first round, since the receiving register of the critical path of the first round (i.e., register a) is not the driving register of the critical path of the second round (i.e., register e).
  • the eighty rounds of an SHA1 loop are collapsed into forty rounds.
  • the collapsing of rounds is accomplished by having a single set of registers (the preferred embodiment has 5 registers as defined by the IPSec protocol) with two rounds of logic. It is contemplated that the techniques of the invention described herein can also be applied to further collapse the number of SHA1 rounds in an SHA1 loop into twenty or even fewer rounds.
  • both MD5 and SHA1 algorithms specify that the final hash states of every 512-bit block are to be added together with the initial hash states. The results are then used as the initial states of the next 512-bit block.
  • in MD5, values of four pairs of 32-bit registers need to be added, and in SHA1, five pairs. Considering that each 32-bit addition takes one clock cycle, a typical hardware implementation would use four extra cycles in MD5 and five extra cycles in SHA1 to perform these additions if hardware resources are limited.
  • a plurality of adds with the final hash states may be accomplished in a single clock cycle.
  • An example is shown in the “collapsed SHA1” table, in which the five adds are performed in just three clock cycles: T39, T40 and T1 of the next loop.
  • this aspect of the present invention is applicable to both collapsed and non-collapsed multi-round authentication algorithms. Implementation of this aspect of the present invention in conjunction with a collapsed multi-round algorithm is particularly advantageous since hiding of adding steps becomes increasingly important as the number of rounds is decreased. Adds that are not hidden in the manner of this aspect of the present invention would represent an even larger proportion of overhead in a collapsed round implementation than in an implementation with a higher number of rounds.
  • FIG. 5 is a high-level block diagram of an SHA1 hash engine illustrating the major elements of a collapsed round logic design in accordance with one embodiment of the present invention, consistent with the timing critical path study of FIG. 4.
  • the design makes use of carry save adders (CSA; delay is equivalent to a 1-bit adder), taking advantage of their capacity to add multiple quantities together.
  • CSAs efficiently add multiple quantities together to generate partial products which are not propagated.
  • Two comprehensive addition modules, add5to1 and add4to1 in the figure, each use several stages of CSA followed by a carry look-ahead (CLA) adder, as illustrated and described in more detail with reference to FIG. 6, below.
  • the hash engine has five registers, A, B, C, D and E.
  • the initial hash state in register A (a_1) goes through a 5-bit circular shift and is added to the initial hash state in register E (e_1), the payload data (W_i), a constant (K_i), and the result of a function (F_t) of the initial hash states in registers B, C and D by an add5to1 adder module that is built from CSA and CLA adders.
  • the initial hash state in register D (d_1) is added to the payload data (W_(i+1)), a constant (K_(i+1)), and the result of a function (F_t) of the initial hash states in registers A, B (which passes through a 30-bit circular shift) and C by an add4to1 adder module that is built from CSA and CLA adders.
  • the adder modules conclude with a carry look-ahead (CLA) adder.
  • the sum of each adder module is added by a CLA adder to generate and propagate a final sum for the round which is then fed back into register A for the next round.
  • the most timing critical input of these two modules needs only to go through the last CLA stage.
  • FIG. 6 is a lower-level block diagram illustrating details of the scheduling of the additions within the round logic design of FIG. 5.
  • the operation is done in two steps.
  • the overall delay is equivalent to two 32-bit CLA delays plus one 32-bit CSA delay plus the delay for function ‘f’ for the most timing critical path.
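
The pre-hashed initial hash states described above (computed once per key, then reloaded for each packet) can be modelled in software as follows. This is an added example, not code from the patent; the names `PrehashedHmac` and `compression_calls` are hypothetical, and the key and payloads used with it are constructed.

```python
import hashlib

BLOCK_BYTES = 64  # 512-bit block size shared by MD5 and SHA1


class PrehashedHmac:
    """HMAC-x-96 with inner and outer initial hash states computed once per key."""

    def __init__(self, key: bytes, algo: str = "sha1"):
        if algo not in ("md5", "sha1"):
            raise ValueError("only the two IPSec algorithms from the text are modelled")
        # RFC 2104: a key longer than one block is hashed first, then the key
        # is zero-padded to exactly one 512-bit block.
        if len(key) > BLOCK_BYTES:
            key = hashlib.new(algo, key).digest()
        key = key.ljust(BLOCK_BYTES, b"\x00")
        # Absorbing the (key XOR pad) block leaves each context holding the
        # "initial hash state" that software would hand to the engine.
        self._inner0 = hashlib.new(algo, bytes(b ^ 0x36 for b in key))
        self._outer0 = hashlib.new(algo, bytes(b ^ 0x5C for b in key))

    def tag(self, payload: bytes, truncate_to: int = 12) -> bytes:
        inner = self._inner0.copy()    # per packet: reload the saved inner state
        inner.update(payload)          # inner loop over every payload block
        outer = self._outer0.copy()    # per packet: reload the saved outer state
        outer.update(inner.digest())   # outer loop: a single padded 512-bit block
        return outer.digest()[:truncate_to]  # the -96 variants keep 96 bits


def compression_calls(payload_len: int, prehashed: bool) -> int:
    """512-bit block compressions needed to authenticate one packet with HMAC."""
    # Padding appends one 0x80 byte and a 64-bit length: at least 9 bytes.
    inner_blocks = (payload_len + 9 + BLOCK_BYTES - 1) // BLOCK_BYTES
    outer_blocks = 1                      # the inner digest always fits one block
    key_blocks = 0 if prehashed else 2    # key XOR ipad and key XOR opad blocks
    return inner_blocks + outer_blocks + key_blocks
```

For a payload of 55 bytes or fewer, `compression_calls` returns 2 with pre-hashed states, so the outer hash accounts for half the work, which is the short-packet case the pipelined inner and outer engines address.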
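
The collapsed SHA1 round described for FIG. 4 and FIG. 5, written as a software reference model. This is an added example, not code from the patent: the variable names `add5` and `add4` mirror the add5to1 and add4to1 modules in the text, the other names are hypothetical, and the hiding of the final hash-state additions is not modelled.

```python
import struct

MASK = 0xFFFFFFFF
H0 = (0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476, 0xC3D2E1F0)


def rotl(x, n):
    return ((x << n) | (x >> (32 - n))) & MASK


def f(t, b, c, d):
    """Non-linear function F_t of the SHA1 specification."""
    if t < 20:
        return (b & c) | (~b & MASK & d)
    if t < 40 or t >= 60:
        return b ^ c ^ d
    return (b & c) | (b & d) | (c & d)


def k(t):
    """Round constant K_t (a ROM lookup in the hardware engine)."""
    return (0x5A827999, 0x6ED9EBA1, 0x8F1BBCDC, 0xCA62C1D6)[t // 20]


def schedule(block):
    w = list(struct.unpack(">16I", block))
    for t in range(16, 80):
        w.append(rotl(w[t - 3] ^ w[t - 8] ^ w[t - 14] ^ w[t - 16], 1))
    return w


def compress_collapsed(state, block):
    """One 512-bit block in 40 iterations, two SHA1 rounds per iteration."""
    a, b, c, d, e = state
    w = schedule(block)
    iterations = 0
    for t in range(0, 80, 2):
        b30 = rotl(b, 30)
        # add4to1: second-round partial sum. It reads only the registers as
        # they stand at the start of the iteration, so it does not wait for
        # the first round's result.
        add4 = (d + w[t + 1] + k(t + 1) + f(t + 1, a, b30, c)) & MASK
        # add5to1: the complete first round, producing that round's new "a".
        add5 = (rotl(a, 5) + e + w[t] + k(t) + f(t, b, c, d)) & MASK
        # Final adder: only the shifted first-round result joins the
        # precomputed second-round partial sum.
        a2 = (rotl(add5, 5) + add4) & MASK
        a, b, c, d, e = a2, add5, rotl(a, 30), b30, c
        iterations += 1
    # End-of-block addition of the final hash states to the initial ones.
    new_state = tuple((s + v) & MASK for s, v in zip(state, (a, b, c, d, e)))
    return new_state, iterations


def pad(message):
    padded = message + b"\x80"
    padded += b"\x00" * ((56 - len(padded)) % 64)
    return padded + struct.pack(">Q", len(message) * 8)


def sha1_collapsed(message):
    """Return (digest, collapsed rounds executed) for a whole message."""
    state, rounds = H0, 0
    data = pad(message)
    for off in range(0, len(data), 64):
        state, n = compress_collapsed(state, data[off:off + 64])
        rounds += n
    return struct.pack(">5I", *state), rounds
```

Each pair of rounds shares one F_t and one K_t because the function and constant change only at rounds 20, 40 and 60, all of which are even.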

Landscapes

  • Engineering & Computer Science (AREA)
  • Power Engineering (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Stored Programmes (AREA)
  • Communication Control (AREA)
  • Storage Device Security (AREA)
US09/827,882 2000-04-13 2001-04-04 Authentication engine architecture and method Expired - Fee Related US7177421B2 (en)

Priority Applications (7)

Application Number Priority Date Filing Date Title
US09/827,882 US7177421B2 (en) 2000-04-13 2001-04-04 Authentication engine architecture and method
DE60113395T DE60113395T2 (de) 2000-04-13 2001-04-11 Method and architecture for authentication
EP01927441A EP1273129B1 (fr) 2000-04-13 2001-04-11 Authentication architecture and method
PCT/US2001/040507 WO2001080483A2 (fr) 2000-04-13 2001-04-11 Authentication architecture and method
AU2001253888A AU2001253888A1 (en) 2000-04-13 2001-04-11 Authentication engine architecture and method
AT01927441T ATE304759T1 (de) 2000-04-13 2001-04-11 Method and architecture for authentication
US11/650,422 US8000469B2 (en) 2000-04-13 2007-01-08 Authentication engine architecture and method

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
US19715200P 2000-04-13 2000-04-13
US26142501P 2001-01-12 2001-01-12
US09/827,882 US7177421B2 (en) 2000-04-13 2001-04-04 Authentication engine architecture and method

Related Child Applications (1)

Application Number Title Priority Date Filing Date
US11/650,422 Continuation US8000469B2 (en) 2000-04-13 2007-01-08 Authentication engine architecture and method

Publications (2)

Publication Number Publication Date
US20020001384A1 US20020001384A1 (en) 2002-01-03
US7177421B2 true US7177421B2 (en) 2007-02-13

Family

ID=27393706

Family Applications (2)

Application Number Title Priority Date Filing Date
US09/827,882 Expired - Fee Related US7177421B2 (en) 2000-04-13 2001-04-04 Authentication engine architecture and method
US11/650,422 Expired - Fee Related US8000469B2 (en) 2000-04-13 2007-01-08 Authentication engine architecture and method

Family Applications After (1)

Application Number Title Priority Date Filing Date
US11/650,422 Expired - Fee Related US8000469B2 (en) 2000-04-13 2007-01-08 Authentication engine architecture and method

Country Status (6)

Country Link
US (2) US7177421B2 (fr)
EP (1) EP1273129B1 (fr)
AT (1) ATE304759T1 (fr)
AU (1) AU2001253888A1 (fr)
DE (1) DE60113395T2 (fr)
WO (1) WO2001080483A2 (fr)

Families Citing this family (47)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7996670B1 (en) 1999-07-08 2011-08-09 Broadcom Corporation Classification engine in a cryptography acceleration chip
US6477646B1 (en) 1999-07-08 2002-11-05 Broadcom Corporation Security chip architecture and implementations for cryptography acceleration
US7328349B2 (en) * 2001-12-14 2008-02-05 Bbn Technologies Corp. Hash-based systems and methods for detecting, preventing, and tracing network worms and viruses
US20040064737A1 (en) * 2000-06-19 2004-04-01 Milliken Walter Clark Hash-based systems and methods for detecting and preventing transmission of polymorphic network worms and viruses
US20040073617A1 (en) * 2000-06-19 2004-04-15 Milliken Walter Clark Hash-based systems and methods for detecting and preventing transmission of unwanted e-mail
US20020061107A1 (en) 2000-09-25 2002-05-23 Tham Terry K. Methods and apparatus for implementing a cryptography engine
US7277542B2 (en) 2000-09-25 2007-10-02 Broadcom Corporation Stream cipher encryption application accelerator and methods thereof
US7299355B2 (en) 2001-01-12 2007-11-20 Broadcom Corporation Fast SHA1 implementation
US7200105B1 (en) 2001-01-12 2007-04-03 Bbn Technologies Corp. Systems and methods for point of ingress traceback of a network attack
US7489779B2 (en) * 2001-03-22 2009-02-10 Qstholdings, Llc Hardware implementation of the secure hash standard
US7249255B2 (en) * 2001-06-13 2007-07-24 Corrent Corporation Apparatus and method for a hash processing system using multiple hash storage areas
US7360076B2 (en) 2001-06-13 2008-04-15 Itt Manufacturing Enterprises, Inc. Security association data cache and structure
US7213148B2 (en) 2001-06-13 2007-05-01 Corrent Corporation Apparatus and method for a hash processing system using integrated message digest and secure hash architectures
US20020191783A1 (en) * 2001-06-13 2002-12-19 Takahashi Richard J. Method and apparatus for creating a message digest using a multiple round, one-way hash algorithm
US7266703B2 (en) 2001-06-13 2007-09-04 Itt Manufacturing Enterprises, Inc. Single-pass cryptographic processor and method
US7861104B2 (en) 2001-08-24 2010-12-28 Broadcom Corporation Methods and apparatus for collapsing interrupts
US7403615B2 (en) 2001-08-24 2008-07-22 Broadcom Corporation Methods and apparatus for accelerating ARC4 processing
TWI230532B (en) * 2002-03-05 2005-04-01 Admtek Inc Pipelined engine for encryption/authentication in IPSEC
US7237262B2 (en) * 2002-07-09 2007-06-26 Itt Manufacturing Enterprises, Inc. System and method for anti-replay processing of a data packet
US7191341B2 (en) * 2002-12-18 2007-03-13 Broadcom Corporation Methods and apparatus for ordering data in a cryptography accelerator
US7568110B2 (en) * 2002-12-18 2009-07-28 Broadcom Corporation Cryptography accelerator interface decoupling from cryptography processing cores
US7181009B1 (en) 2002-12-18 2007-02-20 Cisco Technology, Inc. Generating message digests according to multiple hashing procedures
US7434043B2 (en) 2002-12-18 2008-10-07 Broadcom Corporation Cryptography accelerator data routing unit
US20040123123A1 (en) * 2002-12-18 2004-06-24 Buer Mark L. Methods and apparatus for accessing security association information in a cryptography accelerator
US20040123120A1 (en) * 2002-12-18 2004-06-24 Broadcom Corporation Cryptography accelerator input interface data handling
CN100449986C (zh) * 2003-01-28 2009-01-07 华为技术有限公司 Method for increasing the operation speed of the keyed-hash method
US8041957B2 (en) * 2003-04-08 2011-10-18 Qualcomm Incorporated Associating software with hardware using cryptography
US20040268123A1 (en) * 2003-06-27 2004-12-30 Nokia Corporation Security for protocol traversal
US7826614B1 (en) 2003-11-05 2010-11-02 Globalfoundries Inc. Methods and apparatus for passing initialization vector information from software to hardware to perform IPsec encryption operation
WO2005101793A1 (fr) * 2004-04-14 2005-10-27 Nortel Networks Limited Securing home agent communication with a mobile node using an HA-MN key
US20060136717A1 (en) 2004-12-20 2006-06-22 Mark Buer System and method for authentication via a proximate device
US8295484B2 (en) 2004-12-21 2012-10-23 Broadcom Corporation System and method for securing data from a remote input device
JP4549303B2 (ja) * 2005-02-07 2010-09-22 株式会社ソニー・コンピュータエンタテインメント Method and apparatus for providing a message authentication code using a pipeline
US8059551B2 (en) * 2005-02-15 2011-11-15 Raytheon Bbn Technologies Corp. Method for source-spoofed IP packet traceback
KR100581662B1 (ko) 2005-08-31 2006-05-22 주식회사 칩스앤미디어 Common engine for computing a plurality of hash functions with different algorithms
US7921303B2 (en) 2005-11-18 2011-04-05 Qualcomm Incorporated Mobile security system and method
US7995584B2 (en) * 2007-07-26 2011-08-09 Hewlett-Packard Development Company, L.P. Method and apparatus for detecting malicious routers from packet payload
US8363827B2 (en) * 2007-12-03 2013-01-29 Intel Corporation Method and apparatus for generic multi-stage nested hash processing
GB0812593D0 (en) * 2008-07-09 2008-08-20 Univ Belfast Data security devices and methods
US20110019814A1 (en) * 2009-07-22 2011-01-27 Joseph Roy Hasting Variable sized hash output generation using a single hash and mixing function
US9405537B2 (en) * 2011-12-22 2016-08-02 Intel Corporation Apparatus and method of execution unit for calculating multiple rounds of a skein hashing algorithm
US10097345B2 (en) * 2015-04-14 2018-10-09 PeerNova, Inc. Secure hash algorithm in digital hardware for cryptographic applications
US11070380B2 (en) 2015-10-02 2021-07-20 Samsung Electronics Co., Ltd. Authentication apparatus based on public key cryptosystem, mobile device having the same and authentication method
US10454670B2 (en) * 2016-06-10 2019-10-22 Cryptography Research, Inc. Memory optimization for nested hash operations
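CN107835071B (zh) * 2017-11-03 2020-02-21 中国人民解放军国防科技大学 Method and apparatus for increasing the operation speed of the keyed-hash method
CN111899104B (zh) * 2018-11-27 2023-12-01 创新先进技术有限公司 Service execution method and apparatus
CN112564922B (zh) * 2020-12-22 2022-07-26 创元网络技术股份有限公司 Multifunctional integrated high-speed HMAC-SHA1 password recovery method based on mimic computing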

Patent Citations (17)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4041292A (en) * 1975-12-22 1977-08-09 Honeywell Information Systems Inc. High speed binary multiplication system employing a plurality of multiple generator circuits
US4754422A (en) * 1983-12-28 1988-06-28 Hitachi, Ltd. Dividing apparatus
US4801935A (en) * 1986-11-17 1989-01-31 Computer Security Corporation Apparatus and method for security of electric and electronic devices
US5299319A (en) 1990-04-04 1994-03-29 International Business Machines Corporation High performance interlock collapsing SCISM ALU apparatus
US5297206A (en) 1992-03-19 1994-03-22 Orton Glenn A Cryptographic method for communication and electronic signatures
US5548544A (en) 1994-10-14 1996-08-20 Ibm Corporation Method and apparatus for rounding the result of an arithmetic operation
US5936967A (en) 1994-10-17 1999-08-10 Lucent Technologies, Inc. Multi-channel broadband adaptation processing
US5796836A (en) 1995-04-17 1998-08-18 Secure Computing Corporation Scalable key agile cryptography
US5870474A (en) 1995-12-04 1999-02-09 Scientific-Atlanta, Inc. Method and apparatus for providing conditional access in connection-oriented, interactive networks with a multiplicity of service providers
US5943338A (en) 1996-08-19 1999-08-24 3Com Corporation Redundant ATM interconnect mechanism
US6111858A (en) 1997-02-18 2000-08-29 Virata Limited Proxy-controlled ATM subnetwork
US5940877A (en) 1997-06-12 1999-08-17 International Business Machines Corporation Cache address generation with and without carry-in
US6334190B1 (en) * 1997-07-15 2001-12-25 Silverbrook Research Pty Ltd. System for the manipulation of secure data
US6216167B1 (en) 1997-10-31 2001-04-10 Nortel Networks Limited Efficient path based forwarding and multicast forwarding
US6304657B1 (en) 1999-05-26 2001-10-16 Matsushita Electric Industrial Co., Ltd. Data encryption apparatus using odd number of shift-rotations and method
US20010021253A1 (en) 2000-03-09 2001-09-13 Soichi Furuya Method and apparatus for symmetric-key encryption
WO2001080483A2 (fr) 2000-04-13 2001-10-25 Broadcom Corporation Authentication architecture and method

Non-Patent Citations (42)

* Cited by examiner, † Cited by third party
Title
"Compression for Broadband Data Communications", BlueSteel Networks, Inc., Sep. 8, 1999, pp. 1-9.
"Data Sheet 7751 Encryption Processor", Network Security Processors, Jun. 1999, pp. 1-84.
"Secure Products VMS115", VLSI Technology, Inc., Printed in USA, Document Control: VMS115, VI,0, Jan. 1999, pp. 1-2.
"Securing and Accelerating e-Commerce Transactions", BlueSteel Networks, Inc., Revision 2.0, Oct. 20, 1999, pp. 1-7.
"Securing Broadband Communications", BlueSteel Networks, Inc., Sep. 8, 1999, pp. 1-10.
"VMS115 Data Sheet", VLSI Technology, Inc., a subsidiary of Philips Semiconductors, Revision 2:3, Aug. 10, 1999, pp. 1-64.
3Com: "3Com Launches New Era of Network Connectivity", 3Com Press Release, Jun. 14, 1999, pp. 1-3.
Analog Devices: "ADSP2141 SafeNetDPS User's Manual, Revision 6", Analog Devices Technical Specifications, Mar. 2000, XP002163401, 87 Pages.
Analog Devices: "Analog Devices and IRE Announce First DSP-Based Internet Security System-On-A-Chip", Analog Devices Press Release, Online, Jan. 19, 1999, pp. 1-3. http://content.analog.com/pressrelease/prdisplay/0,1622,16,00.html.
Bellare, et al., "Message Authentication Using Hash Functions-The HMAC Construction", vol. 2, No. 1, 1996, pp. 1-5.
C. Madson, R. Glenn: "RFC 2403- The Use of HMAC-MD5-96 within ESP and AH", IETF Request for Comments, Nov. 1998, XP002163402, Retrieved from Internet on Mar. 20, 2001, http://www.faqs.org/rfcs/frc2403.html, 5 pages.
Deepakumara, J., et al. "FPGA Implementation of MD5 Hash Algorithm." Electrical and Computer Engineering, 2001. Canadian Conference on May 13-16, 2001, vol. 2, pp. 919-924.
Deutsch, P., "Deflate Compressed Data Format Specification Version 1.3", Aladdin Enterprises, Network Working Group, May 1996, pp. 1-17.
Egevang, K., et al., "The IP Network Address Translator (NAT)", Network Working Group, May 1994, pp. 1-10.
Floyd, Sally, et al., "Random Early Detection Gateways for Congestion Avoidance", Lawrence Berkeley Laboratory, University of California, IEEE/ACM Transactions on Networking, Aug. 1993, pp. 1-32.
Hao-Yung Lo, et al. "A High-Speed Self-Timing Carry-Completion for Direct Two's Complement Multipliers." Circuits and Systems IEEE APCCAS 1998. The 1998 IEEE Asia-Pacific Conference on Nov. 24-27, 1998, pp. 643-646.
Harkins, D., et al., "The Internet Key Exchange (IKE)", Cisco Systems, Network Working Group, Nov. 1998, pp. 1-12.
International Search Report for Application No. PCT/US02/00642; search completed on Oct. 17, 2002, The Netherlands.
Kent, S., "IP Authentication Header", Network Working Group, Nov. 1998, pp. 1-22.
Kent, S., et al., "IP Encapsulating Security Payload (ESP)", Network Working Group, Nov. 1998, pp. 1-22.
Kent, S., et al., "Security Architecture for the Internet Protocol", Network Working Group, Nov. 1998, pp. 1-66.
Keromytis, et al., "Implementing IPsec", Global Telecommunications Conference (Globecom), IEEE, Nov. 3, 1997, pp. 1948-1952.
Maughan, D., et al., "Internet Security Association and Key Management Protocol (ISAKMP)", Network Working Group, Nov. 1998, pp. 1-20.
Pall, G. S., et al., "Microsoft Point-To-Point Encryption (MPPE) Protocol", Microsoft Corporation, Network Working Group, Internet Draft, Oct. 1999, pp. 1-12.
Pierson, et al., "Context-Agile Encryption for High Speed Communication Networks", Computer Communications Review, Association for Computing Machinery, vol. 29, No. 1, Jan. 1999, pp. 35-49.
Ragab, A. et al. "An Efficient Message Digest Algorithm (MD) for Data Security." Electrical and Electronic Technology, TENCON. Proceedings of IEEE Region 10 International Conference on vol. 1, Aug. 19-22, 2001, pp. 191-197.
S. Kent, R. Atkinson: "RFC 2406-IP Encapsulating Security Payload (ESP)" IETF Request for Comments, Nov. 1998, XP002163400, Retrieved from the Internet on Mar. 20, 2001, http://www.faqs.org/rfcs/frc2406.html, 5 pages.
Sait et al, A Novel Technique for Fast Multiplication, 1995, IEEE, 109-114. *
Sait, S. M., et al. "A Novel Technique for Fast Multiplication." Computers and Communications, Conference Proceedings of the 1995 IEEE Fourteenth Annual International Phoenix Conference on Mar. 28-31, 1995, pp. 109-114.
Schneier, B., "Applied Cryptography, Second Edition", 1996, John Wiley & Sons, New York, pp. 436-445.
Sedgewick, R. "Algorithms in C- Third Edition," 1998, Addison Wesley, XP002163543, pp. 573-608.
Senie, D., "NAT Friendly Application Design Guidelines," Amaranth Networks, Inc., NAT Working Group, Internet-Draft, Sep. 1999, pp. 1-7.
Shenker, S., "Specification of Guaranteed Quality of Service", Network Working Group, Sep. 1997, pp. 1-20.
Sholander, et al., "The Effect of Algorithm-Agile Encryption on ATM Quality of Service", Global Telecommunications Conference (Globecom), IEEE, Nov. 3, 1997, pp. 470-474.
Smirni, et al., "Evaluation of Multiprocessor Allocation Policies", Technical Report, Vanderbilt University, Online, 1993, pp. 1-21.
Srisuresh, P., "Security Model with Tunnel-mode Ipsec for NAT Domains", Lucent Technologies, Network Working Group, Oct. 1999, pp. 1-11.
Srisuresh, P., et al., "IP Network Address Translator (NAT) Terminology and Considerations", Lucent Technologies, Network Working Group, Aug. 1999, pp. 1-30.
Stallings, W., "SHA: The Secure Hash Algorithm Putting Message Digests to Work", Dr. Dobbs Journal, Redwood City, CA, US, Apr. 1, 1994, pp. 32, 34.
Tarman, et al., "Algorithm-Agile Encryption in ATM Networks", IEEE Computer, Sep. 1998, vol. 31, No. 1, pp. 57-64.
Touch, Joseph D., "Performance Analysis of MD5", Computer Communications Review, Association for Computing Machinery, New York, vol. 25, No. 44, Oct. 1, 1995, pp. 77-86.
Wassal, et al., "A VLSI Architecture for ATM Algorithm-Agile Encryption", Proceedings Ninth Great Lakes Symposium on VLSI, Mar. 4-6, 1999, pp. 325-328.
Yong, kyu Kang et al.; "An Efficient Implementation of Hash Function Processor for IPSEC"; ACM 2000; pp. 1-4.

Cited By (29)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20070110230A1 (en) * 2000-04-13 2007-05-17 Broadcom Corporation Authentication engine architecture and method
US8000469B2 (en) * 2000-04-13 2011-08-16 Broadcom Corporation Authentication engine architecture and method
US7908484B2 (en) * 2003-08-22 2011-03-15 Nokia Corporation Method of protecting digest authentication and key agreement (AKA) against man-in-the-middle (MITM) attack
US20050044365A1 (en) * 2003-08-22 2005-02-24 Nokia Corporation Method of protecting digest authentication and key agreement (AKA) against man-in-the-middle (MITM) attack
US20050123140A1 (en) * 2003-12-04 2005-06-09 Feghali Wajdi K. Technique for implementing a security algorithm
US7747020B2 (en) * 2003-12-04 2010-06-29 Intel Corporation Technique for implementing a security algorithm
US7684563B1 (en) * 2003-12-12 2010-03-23 Sun Microsystems, Inc. Apparatus and method for implementing a unified hash algorithm pipeline
US8571207B2 (en) * 2008-11-28 2013-10-29 Canon Kabushiki Kaisha Hash value calculation apparatus and method thereof
US20100135484A1 (en) * 2008-11-28 2010-06-03 Canon Kabushiki Kaisha Hash value calculation apparatus and method thereof
US8514855B1 (en) * 2010-05-04 2013-08-20 Sandia Corporation Extensible packet processing architecture
US8874933B2 (en) * 2012-09-28 2014-10-28 Intel Corporation Instruction set for SHA1 round processing on 128-bit data paths
WO2017123902A1 (fr) * 2016-01-15 2017-07-20 Blockchain Asics Llc Cryptographic ASIC including a circuitry-encoded transformation function
US10936758B2 (en) 2016-01-15 2021-03-02 Blockchain ASICs Inc. Cryptographic ASIC including circuitry-encoded transformation function
US10262164B2 (en) 2016-01-15 2019-04-16 Blockchain Asics Llc Cryptographic ASIC including circuitry-encoded transformation function
US10885228B2 (en) 2018-03-20 2021-01-05 Blockchain ASICs Inc. Cryptographic ASIC with combined transformation and one-way functions
US10372943B1 (en) 2018-03-20 2019-08-06 Blockchain Asics Llc Cryptographic ASIC with combined transformation and one-way functions
US10262163B1 (en) 2018-04-25 2019-04-16 Blockchain Asics Llc Cryptographic ASIC with unique internal identifier
US10404463B1 (en) 2018-04-25 2019-09-03 Blockchain Asics Llc Cryptographic ASIC with self-verifying unique internal identifier
US10404454B1 (en) 2018-04-25 2019-09-03 Blockchain Asics Llc Cryptographic ASIC for derivative key hierarchy
US10607031B2 (en) 2018-04-25 2020-03-31 Blockchain Asics Llc Cryptographic ASIC with autonomous onboard permanent storage
US10607030B2 (en) 2018-04-25 2020-03-31 Blockchain Asics Llc Cryptographic ASIC with onboard permanent context storage and exchange
US10607032B2 (en) 2018-04-25 2020-03-31 Blockchain Asics Llc Cryptographic ASIC for key hierarchy enforcement
US10796024B2 (en) 2018-04-25 2020-10-06 Blockchain ASICs Inc. Cryptographic ASIC for derivative key hierarchy
US10256974B1 (en) 2018-04-25 2019-04-09 Blockchain Asics Llc Cryptographic ASIC for key hierarchy enforcement
US10200196B1 (en) 2018-04-25 2019-02-05 Blockchain Asics Llc Cryptographic ASIC with autonomous onboard permanent storage
US11042669B2 (en) 2018-04-25 2021-06-22 Blockchain ASICs Inc. Cryptographic ASIC with unique internal identifier
US11093655B2 (en) 2018-04-25 2021-08-17 Blockchain ASICs Inc. Cryptographic ASIC with onboard permanent context storage and exchange
US11093654B2 (en) 2018-04-25 2021-08-17 Blockchain ASICs Inc. Cryptographic ASIC with self-verifying unique internal identifier
US11714620B1 (en) 2022-01-14 2023-08-01 Triad National Security, Llc Decoupling loop dependencies using buffers to enable pipelining of loops

Also Published As

Publication number Publication date
WO2001080483A3 (fr) 2002-04-04
DE60113395D1 (de) 2005-10-20
ATE304759T1 (de) 2005-09-15
AU2001253888A1 (en) 2001-10-30
WO2001080483A2 (fr) 2001-10-25
US20020001384A1 (en) 2002-01-03
EP1273129A2 (fr) 2003-01-08
EP1273129B1 (fr) 2005-09-14
US20070110230A1 (en) 2007-05-17
DE60113395T2 (de) 2006-06-14
US8000469B2 (en) 2011-08-16

Similar Documents

Publication Publication Date Title
US7177421B2 (en) Authentication engine architecture and method
US7299355B2 (en) Fast SHA1 implementation
US7502463B2 (en) Methods and apparatus for implementing a cryptography engine
US8879727B2 (en) Method and apparatus for hardware-accelerated encryption/decryption
US6870929B1 (en) High throughput system for encryption and other data operations
US20020078342A1 (en) E-commerce security processor alignment logic
US7295671B2 (en) Advanced encryption standard (AES) hardware cryptographic engine
US7249255B2 (en) Apparatus and method for a hash processing system using multiple hash storage areas
EP1215841A2 (fr) Method and device for implementing a cryptographic function
EP1271839B1 (fr) AES encryption circuit
Satoh et al. ASIC-hardware-focused comparison for hash functions MD5, RIPEMD-160, and SHS
US7213148B2 (en) Apparatus and method for a hash processing system using integrated message digest and secure hash architectures
US7623660B1 (en) Method and system for pipelined decryption
US20020032551A1 (en) Systems and methods for implementing hash algorithms
US7657757B2 (en) Semiconductor device and method utilizing variable mode control with block ciphers
US7366300B2 (en) Methods and apparatus for implementing a cryptography engine
EP1191738A2 (fr) Methods and device for implementing a cryptographic function
US7257229B1 (en) Apparatus and method for key scheduling
JP2000295212A (ja) Method and apparatus for decrypting encrypted data
US20030044007A1 (en) Methods and apparatus for accelerating ARC4 processing
US20110176673A1 (en) Encrypting apparatus
US20100138648A1 (en) Information processing apparatus
US7151829B2 (en) System and method for implementing a hash algorithm
CN114553424A (zh) Lightweight hardware system for the ZUC-256 stream cipher
Chakraborty et al. Fast Low Level Disk Encryption Using FPGAs

Legal Events

Date Code Title Description
AS Assignment

Owner name: BROADCOM CORPORATION, CALIFORNIA

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:BUER, MARK;LAW, PATRICK Y.;QI, ZHENG;REEL/FRAME:011957/0328;SIGNING DATES FROM 20010617 TO 20010622

AS Assignment

Owner name: BROADCOM CORPORATION, CALIFORNIA

Free format text: CORRECTIVE ASSIGNMENT TO CORRECT THE DOCUMENT EXECUTION DATES OF THE ASSIGNORS PREVIOUSLY RECORDED AT REEL 011957 FRAME 0328;ASSIGNORS:BUER, MARK;LAW, PATRICK Y.;QI, ZHENG;REEL/FRAME:012498/0375;SIGNING DATES FROM 20010517 TO 20010622

FPAY Fee payment

Year of fee payment: 4

FPAY Fee payment

Year of fee payment: 8

SULP Surcharge for late payment

Year of fee payment: 7

AS Assignment

Owner name: BANK OF AMERICA, N.A., AS COLLATERAL AGENT, NORTH CAROLINA

Free format text: PATENT SECURITY AGREEMENT;ASSIGNOR:BROADCOM CORPORATION;REEL/FRAME:037806/0001

Effective date: 20160201

AS Assignment

Owner name: AVAGO TECHNOLOGIES GENERAL IP (SINGAPORE) PTE. LTD., SINGAPORE

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:BROADCOM CORPORATION;REEL/FRAME:041706/0001

Effective date: 20170120

AS Assignment

Owner name: BROADCOM CORPORATION, CALIFORNIA

Free format text: TERMINATION AND RELEASE OF SECURITY INTEREST IN PATENTS;ASSIGNOR:BANK OF AMERICA, N.A., AS COLLATERAL AGENT;REEL/FRAME:041712/0001

Effective date: 20170119

FEPP Fee payment procedure

Free format text: MAINTENANCE FEE REMINDER MAILED (ORIGINAL EVENT CODE: REM.); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY

AS Assignment

Owner name: AVAGO TECHNOLOGIES INTERNATIONAL SALES PTE. LIMITE

Free format text: MERGER;ASSIGNOR:AVAGO TECHNOLOGIES GENERAL IP (SINGAPORE) PTE. LTD.;REEL/FRAME:047196/0097

Effective date: 20180509

AS Assignment

Owner name: AVAGO TECHNOLOGIES INTERNATIONAL SALES PTE. LIMITE

Free format text: CORRECTIVE ASSIGNMENT TO CORRECT THE EXECUTION DATE PREVIOUSLY RECORDED AT REEL: 047196 FRAME: 0097. ASSIGNOR(S) HEREBY CONFIRMS THE MERGER;ASSIGNOR:AVAGO TECHNOLOGIES GENERAL IP (SINGAPORE) PTE. LTD.;REEL/FRAME:048555/0510

Effective date: 20180905

LAPS Lapse for failure to pay maintenance fees

Free format text: PATENT EXPIRED FOR FAILURE TO PAY MAINTENANCE FEES (ORIGINAL EVENT CODE: EXP.); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY

STCH Information on status: patent discontinuation

Free format text: PATENT EXPIRED DUE TO NONPAYMENT OF MAINTENANCE FEES UNDER 37 CFR 1.362

FP Lapsed due to failure to pay maintenance fee

Effective date: 20190213